Recommend a Security Suite

occam

razor_303 said:
What about Kaspersky's latest internet security software? I think it's 7.
I'm not sure, is it any good?

I use Kaspersky Anti-Virus 7.0 (not the KIS security suite) and I find
it excellent for both WinXP and Vista. Really first class service and
support. (But it is not free like Avast and some others.)

One thing is certain - stay away from Norton if you have the choice!
 
Charlie42

Okay. The reason for my question was more because I was interested in
what problem these personal firewalls were meant to solve.

In-/outbound traffic control, monitoring applications using internet, port
stealthing, and so on.
I don't feel that a third party firewall is needed. Therefore I was
curious as to why you think so.

I don't, not since Vista was released anyway. At home I just use Vista
firewall alongside with my router firewall. They let me set the policies I
need to, and Defender/UAC keep sufficient control of my applications. I
think Vista FW could be more user friendly though, the 'advanced settings'
seem tucked away and complicated to the average home user.

But again: razor_303 asked about third party suites, so I felt I had a tip
about some proper, less resource-consuming firewalls that can be used in
addition to NOD32.

The discussion over Vista vs. third party FW is an interesting one I think,
I haven't quite made my mind up yet, and I'd like to hear your points of
view.

Charlie42
 
Straight Talk

It's not a myth.

Yes, it is. It's impossible in a Windows environment for code A to
reliably prevent code B from calling out. Malware determined to call
out unattended won't let a PFW get in the way.

If the malware has system level access it can do what it wants, like
modifying the TCP/IP stack - or create its own stack for that matter.

Or it may just piggyback on an application you have already granted
access.

Malware is too dangerous to be something you allow to run thinking
that you can control it. It's something you don't run at all.
Again, do you have anything substantive to add, or do you
just like to snipe?

Calm down. I'm not the one needing to learn here.

Client Firewalls and Security Theater
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx

"Personal Firewalls" are mostly snake-oil
http://samspade.org/d/firewalls.html


* Instead of reducing the number of network-aware services, a personal
firewall is an additional service that consumes system resources and
can also be the target of an attack, as exemplified by the Witty [1]
worm.
* If the system has been compromised by Malware, Spyware or similar
software, these programs can also manipulate the firewall, because
both are running on the same system. It may be possible to bypass or
even completely shut down software firewalls in such a manner.
* The high number of alerts generated by such applications can
possibly desensitize users to alerts by warning the user of actions
that may not be malicious (e.g. ICMP requests).
* Software firewalls that interface with the operating system at the
kernel mode level may potentially cause instability and/or introduce
security flaws and other software bugs.
http://en.wikipedia.org/wiki/Personal_firewall#Criticisms

About "Comodo" - considered by many to be one of the top PFW's:
"The implementation of the security design is very superficial.
Today's malware creators would not have problems to bypass the
protection of Comodo. "
http://www.matousec.com/projects/wi...s/Comodo-Personal-Firewall-2.3.6.81/#security
 
ptravel

Yes, it is. It's impossible in a Windows environment for code A to
reliably prevent code B from calling out. Malware determined to call
out unattended won't let a PFW get in the way.

If the malware has system level access it can do what it wants, like
modifying the TCP/IP stack - or create its own stack for that matter.

Or it may just piggyback on an application you have already granted
access.

And that's possible with any firewall. My post said AVG is a better
firewall than Windows because of the easier control over out-going
traffic. You seem to be advocating not using an outgoing firewall at
all. If you don't want one on your system because it won't catch
every conceivable instance of unauthorized out-going traffic, fine.
No software offers 100% security. I'll go with one that offers some
fraction of that, and prefer the one that is easiest to configure and
the most transparent in its actions.

Malware is too dangerous to be something you allow to run thinking
that you can control it. It's something you don't run at all.

You seem to assume that anyone who uses a firewall doesn't know this.
I know this. However, advocating not using a firewall is like
advocating not using seat belts because they won't help you if your
car blows up.
Calm down. I'm not the one needing to learn here.

I'm going to guess what you do for a living. You're in IT, right?

I run into this attitude a lot.
Client Firewalls and Security Theater
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirew...

"Personal Firewalls" are mostly snake-oil
http://samspade.org/d/firewalls.html

* Instead of reducing the number of network-aware services, a personal
firewall is an additional service that consumes system resources and
can also be the target of an attack, as exemplified by the Witty [1]
worm.
* If the system has been compromised by Malware, Spyware or similar
software, these programs can also manipulate the firewall, because
both are running on the same system. It may be possible to bypass or
even completely shut down software firewalls in such a manner.
* The high number of alerts generated by such applications can
possibly desensitize users to alerts by warning the user of actions
that may not be malicious (e.g. ICMP requests).
* Software firewalls that interface with the operating system at the
kernel mode level may potentially cause instability and/or introduce
security flaws and other software bugs.
http://en.wikipedia.org/wiki/Personal_firewall#Criticisms

You're citing Wikipedia? Whatever.

I don't have any system instability because of running AVG, at least
no more than is introduced by Vista itself.
About "Comodo" - considered by many to be one of the top PFW's:
"The implementation of the security design is very superficial.
Today's malware creators would not have problems to bypass the
protection of Comodo. "
http://www.matousec.com/projects/windows-personal-firewall-analysis/C...

More Wikipedia cites? 1. We're not talking about Comodo. 2. The
issue isn't whether malware can bypass firewalls, but whether running
a firewall will stop more malware than not running a firewall.
 
Straight Talk

And that's possible with any firewall. My post said AVG is a better
firewall than Windows because of the easier control over out-going
traffic. You seem to be advocating not using an outgoing firewall at
all. If you don't want one on your system because it won't catch
every conceivable instance of unauthorized out-going traffic, fine.
No software offers 100% security. I'll go with one that offers some
fraction of that, and prefer the one that is easiest to configure and
the most transparent in its actions.

And thereby adding instability, and worst of all, introducing more
vulnerabilities to your system.
You seem to assume that anyone who uses a firewall doesn't know this.
I know this. However, advocating not using a firewall is like
advocating not using seat belts because they won't help you if your
car blows up.

Very bad analogy. Unlike outbound control, a seat belt does what it's
meant to do highly reliably and it does not make your car more
vulnerable.

1. We're not talking about Comodo.

I mentioned Comodo since it's often considered one of the best. I hope
you realize that the AVG thingie that you seem to rely on just leaks
like a sieve.
2. The issue isn't whether malware can bypass firewalls, but whether running
a firewall will stop more malware than not running a firewall.

This is where your argument fails, because you don't consider the
costs involved with adding PFW code.

And BTW, don't expect your AVG thingie to stop any malware at all.
 
John

Bruce Chambers said:
razor_303 wrote:
But it's been several years since I've been tempted to try McAfee
products. Their quality seemed to take a steep nose-dive after they were
acquired by Network Associates.

I felt that way after Norton was acquired by Symantec. The original Norton
folks outshone everybody, including Symantec. Then Symantec bought them.
They haven't been as good ever since. Sure, they do throw a lot of money
into their product, but the quality that comes from enthusiasm is gone.

On the subject of the thread, however, I bit on CA's ad and spent all kinds
of time installing it, but when I ran it, it blew up. When I called for
support, the guy said, "Oh, we're not ready to support 64bit Vista yet." As
a programmer, I wondered why their software didn't know it was trying to
support the wrong operating system and refuse to install it! I don't recall
for sure, but I don't think the question was raised when I ordered the
software. I don't know if Vista64 has been in Beta since early 2006, but I
suspect it was since all kinds of developers have had 64bit products ready
at Vista introduction time. Needless to say, I'm not waiting for their
64bit system.

Bottom line: Someone asked in a post why folks were paying for antivirus
software when there were essentially as-good (if not better)
free-for-home-use packages available. I bit and installed Avast 64bit. It
works fine, except that it needs a little better step-by-step: it has two
things come up and it's hard to figure out exactly what to do to ensure it
is working, possibly because it is a Czech group and I only do English. But
they seem to try hard and the basic product is very good, so I am very
pleased with Avast.

John
 
Bruce Chambers

Straight said:
And thereby adding instability, and worst of all, introducing more
vulnerabilities to your system.


Please provide some sort of documentation or White Papers to
substantiate what appears, on the face of it, and based on my
experience, to be a patently absurd claim. As you've been told, no one
thinks outbound protection is a magic bullet, but it does add an
additional layer of protection, and it certainly does not create
additional vulnerabilities. (Poorly designed, coded, or configured
individual applications might cause problems, but that doesn't render
the concept of outbound protection invalid.)





--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
Straight Talk

Please provide some sort of documentation or White Papers to
substantiate what appears, on the face of it, and based on my
experience, to be a patently absurd claim.

What are you talking about? You are asking me to document the obvious
here!

I'm talking about adding 100+ hooks containing complex and buggy code
to already critical functions, which is what outbound "control" on a
Windows host is about.

I'm talking about the impossible task of creating an entire security
layer on top of an OS providing numerous IPC methods for malware to
manipulate and interface with other apps.

In other words I'm talking about the foolishness of endangering your
system by adding numerous kernel hacks for no real benefit, since
malware determined to circumvent it will just do so anyway. And why
would malware not want to do so?
As you've been told, no one thinks outbound protection is a magic bullet,
but it does add an additional layer of protection, and it certainly does not create
additional vulnerabilities.

Oh, please...
 
Bruce Chambers

Straight said:
What are you talking about? You are asking me to document the obvious
here!

"Obvious" only to you, apparently. So far, the remainder of the IT
industry seems to remain unaware. But thanks for confirming that you
have *NO* way of substantiating your otherwise unfounded claims. That's
exactly what I anticipated.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
Straight Talk

"Obvious" only to you, apparently. So far, the remainder of the IT
industry seems to remain unaware.

Don't give me this common wisdom BS.
But thanks for confirming that you
have *NO* way of substantiating your otherwise unfounded claims. That's
exactly what I anticipated.

Since you just snipped away all the stuff you didn't understand,
further debate would be a waste of time. EOD.
 
Guest

Straight Talk said:
Don't give me this common wisdom BS.


Since you just snipped away all the stuff you didn't understand,
further debate would be a waste of time. EOD.

Guess Straight Talk chickened out then... Does he always do that? Him
constantly posting unsubstantiated opinions is pretty annoying. One for the
kill file?
JJ
 
Straight Talk

Guess Straight Talk chickened out then...

Guess the never-heard-of-before JanJ suddenly popped out to make a
fool of himself.
Does he always do that? Him constantly posting unsubstantiated
opinions is pretty annoying.

Do you have anything on topic to offer or are you just babbling?
One for the kill file?

Feel free to close your eyes.
 
